Privacy and confidentiality of information policy

purpose

To establish the principles by which Red Nose manages personal information, including health information, to ensure the privacy and confidentiality of that information.

definitions

Personal information is information which directly or indirectly identifies a person.

Health information is information or an opinion about:

a) the physical, mental or psychological health (at any time) of an individual; or

b) a disability (at any time) of an individual; or

c) an individual’s expressed wishes about the future provision of health services to him or her; or

d) a health service provided, or to be provided, to an individual, that is also personal information.

Sensitive informationis information or an opinion about an individual’s:

- racial or ethnic origin;

- political opinions;

- membership of a political association;

- religious beliefs or affiliations;

- philosophical beliefs;

- membership of a professional or trade association;

- membership of a trade union;

- sexual preferences or practices;

- criminal records; or

- health information and genetic information about an individual that is not otherwise health information

policy principles

1. general principles

1.1 Red Nose collects and administers a range of personal information for the purposes of providing services, raising funds and promoting the work of the organisation.

1.2 Red Nose is bound by the relevant Commonwealth and State privacy legislation only in relation to specific services it is contracted to provide by a government agency or body, but aims to operate in accordance with the Australian Privacy Principles in all its activities.

1.3 Red Nose recognises the right of individuals to have their personal information administered in a manner that meets their reasonable expectation to privacy in accordance with both legislation where applicable and the core values and principles of the organisation.

1.4 Red Nose will take all reasonable steps to inform people of our privacy policy including making a copy available on request, providing links on all websites managed by the organisation and including information in any relevant publications.

1.5 Red Nose will nominate a staff member to be the Privacy Officer.

2. collection of personal information

2.1 Red Nose will only collect information necessary for the performance of its functions.

2.2 Red Nose will advise those from whom it is collecting information the reason for collection of that information and how it will be administered.

2.3 Consent will be sought from any individual from whom health information is required by Red Nose to provide its services

2.4 Sensitive information is collected only for the purpose of providing bereavement support.

2.5 Where personal information cannot be directly collected from the person to whom it relates and is collected from a third party, Red Nose will inform the person of its source only where it would not pose a threat to the life or health of the person providing the information, or does not constitute a breach of confidentiality.

2.6 Red Nose uses Google Analytics to analyse the audience of its websites and improve our content. No personal information is collected from Google Analytics. For further information on the privacy policy concerning Google Analytics, please go here, https://support.google.com/analytics/answer/6004245?hl=en

3. use and disclosure of personal information

3.1 Red Nose will only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose (unless otherwise authorised by law).

3.2 Consent will be obtained prior from the affected person if the information is required to be used for any other purpose.

3.3 Red Nose will not disclose health information to any party in the absence of a legal obligation, except in emergency medical circumstances or where there is a reasonable concern of risk of harm to the person themselves or others.

4. accuracy of personal information

Red Nose will take all reasonable steps to ensure information collected is accurate, complete, current and relevant to the functions of the organisation.

5. security of personal information

Red Nose will take all reasonable steps to safeguard information collected against misuse, loss, unauthorised access and modification.

6. access to personal information

Red Nose will provide an individual with reasonable access to their personal information for the purpose of ensuring it is and correct it if it is inaccurate, incomplete, misleading or not up to date.

7. requests for anonymity

Red Nose will:

7.1 respect and respond positively to any requests for anonymity;

7.2 provide those providing personal information the option of not identifying themselves when completing evaluation forms and/or opinion surveys; and

7.3 not use any identifiers to retain information without a person’s consent.

8. provision of information to other service providers

Red Nose will only release personal information:

8.1 with that person’s permission in writing; or

8.2 if requested by the person concerned to provide that information to a third party.

9. protected disclosure legislation

Where Protected Disclosure and/or Whistleblower legislation is applicable to Red Nose as a contracted service provider to government, the organisation will comply with, and be bound by, the provisions of the relevant legislation.

10. confidential information

10.1 Any confidential information divulged by a client during any provision of service shall be bound by the provisions of this policy.

10.2 Any confidential information provided that implicates a person, either as a perpetrator or victim, in a crime may be subject to mandatory reporting or other legislative requirements. Where the organisation is not obliged to report such disclosures it will make a judgement whether to do so based on the ethics and values of the organisation.